WASHINGTON — Senate health honcho Bill Cassidy is demanding Mayor Zohran Mamdani’s team explain the hack into the NYC Health + Hospitals system in which cyber intruders lurked for over three months without detection.
Cassidy (R-La.), who helms the Senate Health, Education, Labor and Pensions (HELP) Committee, raised concerns about the data breach that exposed personal information of patients in the country’s largest municipal health system.
“At a time when hostile actors are increasingly using sophisticated tactics leveraging artificial intelligence, it is essential for the health care sector to take meaningful steps to safeguard patient and consumer information,” Cassidy wrote in a missive to CEO of NYCHHC, Mitchell Katz, who was reappointed to the post by Mamdani.
“The recent cybersecurity incident affecting NYC Health + Hospitals, the largest public health system in the United States, highlights the risk cybersecurity incidents pose to patients.”
Hackers are believed to have snatched medical records, fingerprint scans and personal data from over 1.8 million individuals.
The breach spanned from at least November 2025 through February 2026 and the cyber intruders copied reams of sensitive information, ranging from patient health details to billing information.
NYCHHC touted several steps it took to prevent future attacks, including new detection and protection technologies.
“It reset credentials for all compromised accounts, implemented enhanced detection rules targeting the specific tools and techniques suspected to be used by the unauthorized individual, and updated its remote access management policies to prevent similar unauthorized entry points in the future,” NYCHHC explained.
But Cassidy is seeking more specifics.
The Louisianan requested the hospital system brief his team on the security protocols used, whether the system is taking best cyber practices from other critical industries, when NYCHHC notified the feds of the cyber attack, how it investigated the breach, and steps taken to help the individuals whose data was taken.
The trained gastroenterologist is seeking answers to those questions by June 18.
When asked about the letter, an NYCHHC spokesperson told The Post that the safety of patients and employees “is paramount.”
“We took appropriate actions, including alerting our staff, noticing the public, and informing appropriate authorities. We have also offered all those affected tools to ensure that their credit can be monitored and protected,” the spokesperson added.
Cassidy has pushed for legislation such as the Health Care Cybersecurity and Resilience Act to strengthen cyber infrastructure in America’s healthcare system.
The senator has also scrutinized other high-profile healthcare security breaches, including Hims & Hers, UnitedHealth Group, and more.
Cassidy has conducted inquiries into Mamdani related to antisemitism and the New York City Health Department’s working group that was formed in response to what it described as an “ongoing genocide in Palestine.”
Cassidy was edged out of his GOP primary for reelection last month after President Trump threw his weight behind Rep. Julia Letlow (R-La.) in a move that has inflamed tensions within the Senate Republican Conference.
